Setting up a service account for Office 365 & Exchange
Please note: For information on configuring with Modern Authentication, please click here.
Introduction
Gold-Vision automatically tracks email (and synchronises Tasks, Appointments and Contacts from MS Exchange) by using a service on the local server to login to users’ mailboxes and record messages into the CRM system.
The settings for privacy and exclusions outside of this rule can be configured separately: User Mail Tracking Setup.
This guide covers the different requirements for Office 365, Exchange 2013 to 2019 and Exchange 2007-2010. For any other email systems, please contact your Account Manager at Gold-Vision.
Once the Service Account has been setup use the account details to enable the User Mail Tracking Settings.
Configure Service Account for Office 365
Add an additional user to act as the service account and ensure this member is a member of the below. The discovery management and application impersonation are configured within the Exchange Admin Centre for Office 365.
Info
To configure the User Mail Tracking in Gold-Vision, you will need the username and password of this account.
Configure Service Account for Exchange Web Services
Gold-Vision uses the Exchange Web Services (EWS) to interface with Exchange. If you do not have the Exchange Web Services configured for some reason then the method for Exchange 2000/2003 can be used, however, this is not recommended.
While using this set-up guide please refer to your IT Support if any of these standard commands result in error messages.
Before you begin, you will need:
- The web address for the Exchange Web Services e.g. https://mail.company.com/EWS/Exchange.asmx
- A username and password to access the above URL
- The Primary SMTP address of the mailbox to be scanned
- Administrative access to the Exchange server and also the Exchange Management Shell (must be a member of the ‘Recipient Administrators’ group in AD)
- Make a note of the Active Directory user that runs the Gold-Schedule service on the Gold-Vision server. This user will henceforth be referred to as the ‘goldvision’ user.
Configure Exchange 2013 to 2019
The ‘goldvision’ user requires explicit access rights to be granted in Exchange.
Note: The rights are configured using the Exchange Management Shell.
- Log on to the Exchange server as an AdministratorOpen the Exchange Management Shell from the Start menu
- Log on to the Exchange server as an Administrator
- Open the Exchange Management Shell from the Start menu
Adding impersonate permission for Gold-Vision user (where the user is called ‘goldvision’)
New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:goldvision
Configure Exchange 2007 – 2010
In order to scan Exchange mailboxes, the ‘goldvision’ user requires explicit access rights to be granted in Exchange. Note: The rights are configured using the Exchange Management Shell.
- Log on to the Exchange server as an Administrator
- Open the Exchange Management Shell from the Start menu
Step 1. Adding impersonate permission for Gold-Vision user
Add-ADPermission -Identity (Get-ExchangeServer -Identity "exchange").DistinguishedName -User (Get-User -Identity "goldvision").identity -extendedRight ms-Exch-EPI-Imperrsonation
Note: “exchange” – Exchange Server Name and “goldvision” – The ‘goldvision’ user identity.
Step 2. Adding permissions on each user account
Add-ADPermission -Identity "User Name 1" -user goldvision -extendedRight ms-Exch-EPI-May-Impersonate Add-ADPermission -Identity "User Name 2" -user goldvision -extendedRight ms-Exch-EPI-May-Impersonate Add-ADPermission -Identity "User Name 3" -user goldvision -extendedRight ms-Exch-EPI-May-Impersonate
Note: ‘User 1’, ‘User 2’ etc. are example users and ‘goldvision’ refers to the Gold-Vision Service user that is expected to be connecting.
Info
To configure the User Mail Tracking in Gold-Vision you will need the username and password of the ‘goldvision’ account and the EWS URL.
Related articles 